Bounce Back message - SMTP Communication Problem

lazcar
lazcar used Ask the Experts™
on
We have a company that is currently having 90% of their emails being rejected with the following error:

 There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <mail.corporatefloors.com #5.5.0 smtp;550-(mail.corporatefloors.com) [68.65.129.82]:43920 is currently not permitted>

Yesterday we switched over T1 providers and after the change over I made the updates to the firewall for all of the policies for Exchange, VPN, etc along with the changes on the DNS side.    All of the email comes through fine now but when they send out emails to people outside the internal exchange network they are coming back rejected.   I did a look up on the ip and it appears to not be on any blacklists..    Is there something I am missing on the Exchange side the would be causing this problem.

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Awarded 2009
Top Expert 2010

Commented:
Do you use a smarthost?
If you have changed T1 provider theN your external ip address will have changed and will need to be updated at whoever provides your smarthost for you.

This maybe the domain ISP or a 3rd party virus scanner maybe?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Is the domain posted your domain?
If it is, then your MX records / RDNS and FQDN for you mail server is all messed up.
Your 1 MX record is:
10 mail.mailroute.net. [TTL=1800] IP=199.89.0.202 (No Glue) [TTL=600] [US]
it's RDNS setting is:
202.0.89.199.in-addr.arpa lax-mail.mailroute.net. which does not match mail.mailroute.net as it should
and when you connect to mail.mailroute.net you get this:
mail.mailroute.net claims to be host lax-gw08.mroute.net [but that host is at 199.89.0.108 (may be cached), not 199.89.0.202].
All this info can be found by requesting a DNS report at www.dnsstuff.com.
If this is your domain, then it is no wonder you are having problems sending mail!
Alan HardistyCo-Owner
Top Expert 2011

Commented:
If I do an NSLOOKUP on mail.corporatefloors.com I get a different IP address to the one listed in your domain report as your MX record?!?!?!?!
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Subash SundharanIT Infrastructure Architect

Commented:
Refer this post for troubleshooting this issue. This post is not for the exact error but similar steps will help you to trouble shoot this issue..
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24557679.html
You are using a Spam service from mailroute, that is why your MX record is mail.mailroute.net.
The mail.mailroute.net's PTR (rDNS) is fine, and so is their SMTP Banner, they are all configured correctly.

If your server is mail.corporatefloors.com, your SMTP Banner and reverse DNS are all fine as well (but I might change it from custxx.telexxxx.com to something that represents your domain, and ideally to mail.corporatefloors.com), this will not be causing the issue here though.

This is not a DNS issue.

I am inclined to believe this is either a DNS issue (can you use telnet nslookup to check that DNS resolution is working ok) OR your smarthost provider will not accept mail from you because you are on another network.

Shaun
When I say inclined to belive this is a DNS issue, I mean a DNS issue your SERVER has when trying to resolve records, not from the DNS records you have setup for your domain (they are all fine)

Shaun
Awarded 2009
Top Expert 2010

Commented:
Hmmm, it still looks to me that the smarthost/spam filter provider/virus scanner provider is bit aware of the change in external IP address

mail.corporatefloors.com #5.5.0 smtp;550-(mail.corporatefloors.com) [68.65.129.82]:43920 is currently not permitted>

this tells me it's relaying to the smarthost but the smarthost us rejecting it as not being permitted.
Awarded 2009
Top Expert 2010

Commented:
If you ate running small business server and have changed your ISP you may also want to consider running the connect to the Internet wizard and ensure all the DNS settings etc. Are correct for your new ISP
Alan HardistyCo-Owner
Top Expert 2011

Commented:
I guess some feedback would be good before we all speculate ourselves silly! ;-)

Author

Commented:
Sorry for the lack of response.  

I had originally told mailroute.net (Spam filtering company) to change their pointer to point to the ip address of our T1 so that once I made the change on our router we would not have to wait for any changes for mail. to resolve or update.  So they made the change and email came through fine but that night i was getting reports of email bouncing back.  So on Saturday I told mailroute  to change it back to mail.corporatefloors.com instead of an ip address.   After they made their change I no longer was getting emails rejected.  Not real sure if that is the problem because they are still getting emails rejected but just a handful a day.  

So is it possible that we just got a bad (blacklisted) set of ip addresses or is it because I had them change the mx record to point to an ip address instead of mail.corporatefloors.com originally?
Alan HardistyCo-Owner
Top Expert 2011

Commented:
You can check youself on the following site for being blacklisted - http://www.mxtoolbox.com/blacklists.aspx
or check on www.dnsstuff.com and request a domain report to see if you are setup properly.

Author

Commented:
How would I know if they are setup on a smart host provider?  
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Smart Host - What do you mean?
Smart Hosts are used for outbound emails - usually your ISP's mail server.
Awarded 2009
Top Expert 2010

Commented:
Check in Exchange System Manager under connectors and SMTP Connector properties the firs tab should tell you where you send all your email.

If there is a hostname/ip address then you use a smarthost if DNS is checked then you use DNS
To check whether smarthost is in use:

1) See if you have an SMTP connector:
 
Open Exchange System Manager --> Connectors --> SMTP connector - if you see a connector here that relates to outgoing mail or SMTP, then this may be responsible for outgoing mail. Go to properties and the front page will show if you have a Smarthost entry. If you do, you are using a smarthost. If this is blank, go to step 2.
 
2) Next, check your SMTP bridgehead does not specify a smarthost entry. Open Exchange System Manager -> Servers --> [SERVERNAME] -> Protocols -> SMTP --> Default SMTP virtual server --> Properties --> Delivery --> Advanced --> Smarthost.
If there is an entry here, you are using a smarthost. If it is blank then you are using DNS.

Shaun

Author

Commented:
Thanks for the help
Awarded 2009
Top Expert 2010

Commented:
What was the actual solution to this?

Author

Commented:
Ok I finally got a response back from the T1 provider regarding this issue.  Here is what they responded with....

"The problem here is that 68.65.129.86 has a generic PTR associated with it.  

PTR Pass PTR= cust86.telwestnet.net.

That is a placeholder PTR weve got in place for almost every one of our IP addresses.   When customers begin using our services, if they have an email server at their location they typically request a PTR to reflect the IP address their mail is coming from and the URL of their name server.    Typically its something like    Mail.customerdomain.com   PTR    68.65.x.x

If you forward me the URL of your mail server to align with the 68.65.129.86 IP address I can create a PTR for that IP address and submit a de-list request to Trend Micro, the guys who have you listed.  "

Hopefully this should take care of it.   Not sure how common it is to have to request a PTR record setup when signing up for new service but hopefully that's it?

Thanks for all the responses!!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial